Twitter DMs obtained by BuzzFeed News show that in the summer of 2016, WikiLeaks was working to obtain files from Guccifer 2.0, an online hacktivist persona linked to Russian military intelligence, the clearest evidence to date of WikiLeaks admitting its pursuit of Guccifer 2.0.

“[P]lease ‘leave,’ their conversation with them and us,” WikiLeaks asked journalist Emma Best, who was also negotiating with Guccifer 2.0 for access to what it had teased on its blog as “exclusive access” to hacked Democratic Congressional Campaign Committee files. “[W]e would appreciate it if you did not dump the docs and obviously archive.org will delete them anyway.”

WikiLeaks had mentioned Guccifer 2.0 a single time before, tweeting in June 2016 — five weeks before it released its first dump of Democratic National Committee emails — that the persona had claimed it gave WikiLeaks DNC emails.

But by the time of the DM conversation with Best, WikiLeaks founder Julian Assange had shifted the story of how WikiLeaks acquired those emails, giving repeated TV interviews that floated Seth Rich, a Democratic staffer who had been murdered in what police concluded was a botched robbery, as his real source.

The messages between Assange and Best, a freelance national security journalist and online archivist, are the starkest proof yet that Assange knew a likely Russian government hacker had the Democrat leaks he wanted. And they reveal the deliberate bad faith with which Assange fed the groundless claims that Rich was his source, even as he knew the documents’ origin.

Best told BuzzFeed News she first reached out to Guccifer 2.0 in August 2016 after it posted on its WordPress account a call for journalists who wanted its files. “I sent them a Direct Message and referred to that, asking what they had in mind,” Best told BuzzFeed News over Signal. Best has experience posting large data sets, and wondered if she could host the files on archive.org, a nonprofit digital library.

But Guccifer 2.0 had another idea. “[I] gonna send a large trove to wikileaks,” it said. Best, who had DMed with WikiLeaks before, relayed that message to WikiLeaks in a direct message on Twitter. Neither party conveyed to her whether they had interacted together before.

“I told them that Guccifer 2.0 was considering giving me at least part of the cache, which is when they asked me to be their ‘agent,’ which they said I would get ‘credit’ for,” Best said. She didn’t agree to act as Assange’s agent, she said, but stopped messaging with Guccifer 2.0.

WikiLeaks was adamant in its communications with Best that it didn't want anyone else to leak the files.

“[T]hese other media groups are very likely to take a stupid initial angle,” WikiLeaks said in one message sent Aug. 12 at 9:14 p.m., adding that other news outlets would focus less on the content of the leaks than how they came to be. “‘We don’t know if its true. Possibly russians who knows blah blah blah.’”

WikiLeaks’s pitch worked. “I dropped the matter with both parties and never received or passed on any exclusive G2, DNC, Podesta, etc. documents,” Best said.

Less than an hour after WikiLeaks’s last message to Best, Guccifer 2.0 tweeted that it had handed those documents over.

GUCCIFER 2.0 (@GUCCIFER_2): #Guccifer2 I'll send the major trove of the #DCCC materials and emails to #wikileaks keep following...

Who was in control of the WikiLeaks Twitter account cannot be known with certainty. But Assange is widely considered to be the primary user of the @WikiLeaks Twitter handle, and Best believed her chats with that handle “were with him or his proxy.”

Best said she deleted all her direct messages after noticing someone was trying to hack her Twitter account, but recently found the email notifications that users receive when they get a DM on Twitter. A lawyer for WikiLeaks did not respond to a request for comment.

The following is the entirety of WikiLeaks’s messages to Best that night, according to the emails she provided. All times are Eastern. (Twitter does not send a user copies of its own messages, so the contents Best provided are one-sided.)

8:43 pm: please “leave” their conversation with them and us

8:43 pm: we would appreciate it if you did not dump the docs and obviously archive.org will delete them anyway

9:12PM: Impact is very substantially reduced if the "news" of a release doesn't co-incide with the ability to respond to the news by searching

9:13 pm: non-searchable dumps are just channeled into a few orgs with technical resources. then others won't touch them because they perceive that the cherries have all been picked by techdirt or whatever.

9:14 pm: and these other media groups are very likely to take a stupid initial angle

9:15pm: “We don’t know if its true. Possibly russians who knows blah blah blah” because they don’t properly verify prior to publication and are scared because they’re not us, contaminating the entire release

9:18: in that regretable event, from our perspective, please just act as our agent we can ensure you get the right credit, cross promotion etc.

Before Guccifer 2.0 began speaking with Best, the account had repeatedly claimed to be Assange’s source, though it was a one-sided relationship. On June 15, more than a month before WikiLeaks published its first of two batches of Democratic emails, the persona wrote in an email to the Smoking Gun that it had “thousands of files and mails” that it already “gave to Wikileaks.” When WikiLeaks released its first batch of Democrats’ emails in the 2016 campaign, the “DNC Leaks,” Guccifer 2.0 claimed to be the source.

But Assange chose, in television interviews both immediately before and after his conversation with Best, to not publicly bring up Guccifer 2, and instead to tease the conspiracy theory that Seth Rich, the Democratic National Committee staffer whose murder spawned conspiracy theories, could be the source for his leaks.

The Seth Rich conspiracy held, in essence, that Rich, a DNC staffer who supported Bernie Sanders, grew disillusioned with the party after Hillary Clinton won the nomination, stole emails to give to WikiLeaks and was killed for it.

The theory didn't account for how a regular staffer would have had access to Clinton campaign manager John Podesta’s email account, which WikiLeaks released in October, or files stored on the DCCC’s server, which Guccifer 2.0 released slowly over the summer on its WordPress account and in emails to reporters. Nor did it account for why the NSA, FBI, and CIA, as well as a number of US and foreign private threat intelligence companies, would each conclude there was sufficient evidence that the GRU, Russia’s military intelligence arm, had indeed hacked those targets.

Rich's murder, two weeks after Assange first began leaking the hacked DNC documents, was likely the result of a robbery attempt gone bad, police concluded. But the conspiracy theory was spread quickly by alt-right social media figures and conservative news sites, and lasted far beyond the election, with people like Fox News commentator Sean Hannity talking about it for months after Trump took office.

Rich's parents have since sued Fox News over “the pain and anguish that comes from seeing your murdered son's life and legacy treated as a mere political football.” His brother Aaron has sued two other right-wing commentators who pushed the theory that Aaron aided his brother and illegally helped cover it up. Fox declined to comment on the legal action, but noted it has retracted the story and that Hannity announced in May 2017 that he would stop coverage of the hoax out of respect for Rich's family.

Three days before the conversation with Best, Assange brought up Rich unprompted during an appearance via livestream on Netherlands's Nieuwsuur, a nightly public news broadcast: “Whistleblowers go to significant efforts to get us material, at often very significant risks,” he said. “There's a 27-year-old that works for the DNC who was shot in the back, murdered, just a few weeks ago for unknown reasons, as he was walking down the street in Washington,” he said.

That same day, the WikiLeaks Twitter account announced it would offer a reward for information leading to the conviction of Rich's killer.

WikiLeaks (@wikileaks, verified account): ANNOUNCE: WikiLeaks has decided to issue a US$20k reward for information leading to conviction for the murder of DNC staffer Seth Rich

Despite privately angling for Guccifer 2.0’s files, Assange continued to push the Seth Rich story. Two weeks after the conversation with Best, Assange appeared on Fox News, and while he didn’t claim Rich was murdered over the leaks, he refused to deny it, either, and made no mention of any other source.

“If there’s any question about a source of Wikileaks being threatened, people can be assured that this organization will go after anyone who may have been involved in some kind of attempt to coerce or possibly kill a potential source,” Assange said.

“I know you don't want to reveal your source, but it certainly sounds like you're suggesting a man who leaked information to WikiLeaks was then murdered,” said host Megyn Kelly.

“If there's someone who's potentially connected to our publications and that person is then murdered in suspicious circumstances, it doesn't necessarily mean that the two are connected. But that type of allegation is very serious and it's taken very seriously by us,” Assange replied. Since then, WikiLeaks has tweeted numerous times about the theory, never disputing it.

Beyond the June 2016 tweet, Assange made no mention of Guccifer 2.0. As with previous misdirections, hinting that Rich was responsible gave WikiLeaks a means of not implicating the Russian government.

WikiLeaks has been caught covering for Russia at least twice before, both in the summer of 2016, when it declined to publish a huge cache of Russian government data, and in its 2012 exclusion, in its published “Syria Files,” of a $2.4 billion transaction from the Central Bank of Syria to the VTB Bank in Russia. In September, it finally published 35 files from a private Russian intelligence company, but most of them were already public and of little news value, leading experts to allege that was a decision to quiet criticism that WikiLeaks was too friendly to Russia.

Details about the true identity of Guccifer 2.0 are still coming to light. But in many ways, it was obvious from the start.

Guccifer 2.0 first appeared online on June 15, exactly one day after the Washington Post broke the story that the DNC had been hacked and that Russia’s military intelligence agency was behind it. Guccifer 2.0 claimed to be Romanian, but didn’t understand the language. It used a shady Russian VPN service that gave it access to IP addresses that weren’t commercially available. Despite having files from congressional races all over the country, it prioritized leaks of swing states.

In a joint report released after the election, in January 2017, the US’s top intelligence agencies announced that “We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks. Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity.” The GRU, the report said, “used the Guccifer 2.0 persona.”

Last month, the Daily Beast reported that either Twitter or Wordpress noticed at least once that someone logged into the Guccifer 2.0 account without turning on a VPN, revealing an IP address belonging to the GRU in Moscow.

The files that Guccifer 2.0 published on its WordPress account don't appear in Assange’s first release in 2016 of hacked Democratic files, which WikiLeaks calls the DNC Email Archive on its website. But WikiLeaks's second release, the Podesta Emails, which began after the conversation about Guccifer 2.0, contains a number of files that had previously been posted to Guccifer 2.0's blog.

In between those releases, on August 12, 2016, it was clear from those messages to Best that the WikiLeaks Twitter account knew that Guccifer 2.0 was the source of hacked Democratic documents.

WikiLeaks’s formal policy is to never publicly identify a source of its leaks, and Assange still refers to Chelsea Manning, the whistleblower who has admitted and spent years in prison for giving WikiLeaks Army Intelligence documents, as an “alleged source.” He never mentioned Guccifer 2.0 or any other party as a potential source in those interviews.

...except any analysis beyond surface-level shows NO substantive link tying Guccifer to Russia. Articles/blog postings detailing the lack of evidence Re: Russia ties were provided here across several threads. Why is this canard being repeated? If there is concrete evidence tying this hacker to Russia, showcase them to refute the findings indicating otherwise. (not a surprise the article emanates from buzzfeed, but better due-diligence should be applied here.)

overcoming hope » 05 Apr 2018 04:21 wrote:I'm going to sound like a jerk, but RI is full of old folks and with the evolution of public relations and the layering of new forms of media it is just getting too confusing for all the old fogeys. No offense!

Au contraire, OH. I think the fact that some of us existed prior to our species' immersion into these new fangled Panopticon command/control information ecosystems gives us a superior sense of how these ecosystems are affecting us all, for better or worse. It's a little thing called 'perspective'.

...except any analysis beyond surface-level shows NO substantive link tying Guccifer to Russia. Articles/blog postings detailing the lack of evidence Re: Russia ties were provided here across several threads. Why is this canard being repeated? If there is concrete evidence tying this hacker to Russia, showcase them to refute the findings indicating otherwise. (not a surprise the article emanates from buzzfeed, but better due-diligence should be applied here.)

Oh right, Guccifer 2.0 is Romanian.

Even just a scroll through this criminal fuckwad's Wikipedia page shows evidence tying this hacker to Russia. The sources listed are numerous; Buzzfeed is not on the list. Not that I doubt you'll approve of all (or any) of the sources they use, but could you link your sources, beyond surface level or not, proving Guccifer 2.0 has no ties to Russia?

"Huey Long once said, “Fascism will come to America in the name of anti-fascism.” I'm afraid, based on my own experience, that fascism will come to America in the name of national security."-Jim Garrison 1967

overcoming hope » 05 Apr 2018 04:21 wrote:I'm going to sound like a jerk, but RI is full of old folks and with the evolution of public relations and the layering of new forms of media it is just getting too confusing for all the old fogeys. No offense!

Au contraire, OH. I think the fact that some of us existed prior to our species' immersion into these new fangled Panopticon command/control information ecosystems gives us a superior sense of how these ecosystems are affecting us all, for better or worse. It's a little thing called 'perspective'.

J.

I was mostly trying to be funny, but I do know so many baby boomers who implicitly trust an appliance to describe the world to them.

Note: I never indicated there is "proof", simply compelling analysis that, to this point, I've yet to see soundly refuted. Welcome any findings that clearly indicate otherwise.

Note, part 2: I generally don't dismiss ("disapprove") a source outright, but historical perspective provides much context; if a source sings a certain tune off-key, it typically will continue to do so. Still, any mainstream source is capable of providing useful information; some may require more parsing than others. Lately, however, the crap-meter has been in the red, glaringly so.

“If I give you a malware binary to reverse engineer, what do you see?” This is the question that had been posited by Michael Tanji, the retired cyber intelligence analyst. “Exactly what the author wants you to see.”

I want you to see words in a language that would throw suspicion on someone else.

An article published in ArsTechnica highlighted the work of an independent security researcher, Adam Carter, who had uncovered evidence that some of the documents released by Guccifer 2.0 in his initial document dump had been manipulated in a manner which introduced Russian words, in the Cyrillic alphabet, into the metadata of the documents, including a reference to “Felix Edmundovich,” the first name and patronymic of the founder of the Soviet security service, Felix Dzerzhinsky. The combination of the Cyrillic alphabet and the reference to a Russian spymaster seems ideal if one is trying to attribute its existence to the Russian intelligence services.

I want you to see that my code was compiled in a particular foreign language (even though I only read and/or write in a totally different language).

FireEye, a well-known cyber security company, has written a report on APT-28 (another name for Fancy Bear) that highlights a number of Russian language indicators, including the consistent use of Russian language in malware code over the course of six years.

I want you to see certain comments or coding styles that are the same or similar to someone else’s (because I reuse other people’s code.)

Fidelis Security, another well-known cyber security company, was provided samples of the Cozy Bear and Fancy Bear malware for “independent analysis.” According to Fidelis, these samples matched the description provided by CrowdStrike and “contained complex coding structures and utilized obfuscation techniques that we have seen advanced adversaries utilize in other investigations we have conducted,” Michael Buratowski, the senior vice president of security consulting services at Fidelis, noted. The malware was “at times identical to” malware that other cyber security vendors, such as Palo Alto Networks, have attributed to Fancy Bear. Many of these similarities have been previously identified by other cyber security vendors and made public as far back as 2013.

I want you to see data about compilation date/time, PDB file path, etc., which could lead you to draw erroneous conclusions have no bearing on malware behavior or capability.

FireEye, in its report on APT-28 (i.e., Fancy Bear), also notes that the compile times associated with the malware align with the work hours and holiday schedules of someone residing in the same time zone as Moscow and St. Petersburg.

The fascinating thing about Michael Tanji’s observations was that they were made in 2012, largely in response to the spate of China attributions headed up by Dmitri Alperovitch’s highly publicized 2011 Shady Rat report. Four years later, the fixation on pattern-derived attribution remained a problem within the cyber security collective, this time with Russia as the target du jour. In 2011, the Chinese caseload was spread across a broad field of separate cyber attacks. In 2016, the Russian data set was limited to a single event — the DNC cyber attack.

Moreover, the data set in 2016 was under the exclusive control of a single entity — CrowdStrike. While select malware samples were farmed out to like-minded vendors, for the most part outside analysis of the DNC cyber penetration was limited to the information provided by CrowdStrike in its initial report. Even the FBI found itself in the awkward position of being denied direct access to the DNC servers, having instead to make use of “forensic images” of the server provided by CrowdStrike, along with its investigative report and findings.

There is much unknown about these scans — were they taken from May 6, when CrowdStrike first detected what it assessed to be a Russian presence inside the DNC server? Or are they from June 10, the last day the server was in operation? The difference could be significant, keeping in mind the fact that there were more than 30 days between the two events.

In this intervening time, CrowdStrike watched Guccifer 2.0 exfiltrate documents. It also possibly engaged in offensive measures, such as the dangling of so-called “attractive data” (the Russian-language tainted opposition research documents come to mind.) The possibility of additional manipulation of data cannot be discounted. However, even though members of Congress are starting to call for the FBI to take physical possession of the server and conduct its own independent forensic investigation, the server remains in the possession of the DNC.

Through the release of its “Bears in the Midst” report, CrowdStrike anticipated that the US government and, by extension, the American people, would place their trust in CrowdStrike’s integrity regarding Russian attribution. The media has, for the most part, accepted at face value CrowdStrike’s Russian attribution regarding the DNC cyber attack.

The US government, while slower to come onboard, eventually published a Joint Statement by the Office of Director of National Intelligence and the Department of Homeland Security in October 2016 that declared, “The recent disclosures of alleged hacked e-mails…by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.”

On December 29, 2016, the FBI and DHS released a Joint Analysis Report (JAR) that directly attributed the presence of both the Cozy Bear and Fancy Bear actors on the DNC server to “spearfishing” attacks, thereby eliminating from consideration any possibility that Guccifer 2.0 penetrated the DNC server through a “zero day” exploit. This was a curious assessment, given that the only data in existence regarding what had transpired inside the DNC server was the data collected by CrowdStrike — data CrowdStrike maintains did not provide evidence pertaining to how the DNC server was initially breached by either Cozy Bear or Fancy Bear.

The Director of National Intelligence followed up with a National Intelligence Assessment, released on January 6, 2017, that similarly endorsed the findings of CrowdStrike when it came to Russian attribution for the Cozy Bear and Fancy Bear penetration of the DNC, as well as linking Guccifer 2.0 to the GRU, or Russian military intelligence. It was the strength of this national assessment that closed the book on debate on the matter of Russian attribution. Senators and Congressmen, intelligence officials and media pundits — all seem to be in agreement that Russia was singularly responsible for the cyber attack against the DNC, and the subsequent release of documents acquired from that breach. “Without a doubt,” “undeniable,” “incontrovertible” — this was the verbiage that accompanied any discussion of the case against Russia.

The genesis moment for this collective clarity, however, remains the carefully choreographed release of the CrowdStrike report, “Bears in the Midst,” and the accompanying Washington Post exclusive laying the blame for the DNC cyber attack squarely at the feet of Russia. From this act all else followed, leading to the certainty that accompanied this attribution was enough to overcome the challenge posed by the sudden appearance of Guccifer 2.0, enabling the same sort of shoehorned analysis to occur that turned Guccifer 2.0 into a Russian agent as well.

Much of this discussion turns on the level of credibility given to the analysis used by CrowdStrike to underpin its conclusions. Alperovitch, the author of the “Bears in the Midst” report, does not have a good record in this regard; one need only look at the controversy surrounding the report he wrote on Shady Rat while working for McAfee. A new report released by Alperovitch and CrowdStrike casts further aspersions on Alperovitch’s prowess as a cyber analyst, and CrowdStrike’s overall methodology used to make its Russian attribution.

On December 22, 2016, CrowdStrike published a new report purporting to detail a new cyber intrusion by the Fancy Bear actor, titled “Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units.” This analysis, prepared by Adam Meyers, CrowdStrike’s vice president for intelligence, was claimed to further support “CrowdStrike’s previous assessments that Fancy Bear is likely affiliated with the Russian military intelligence (GRU).” This report was used to promote a Jan. 4 live discussion event with Meyers and Alperovitch, titled “Bear Hunting: History and Attribution of Russian Intelligence Operations,” which was intended to educate the audience on the links between Fancy Bear and the GRU.

The “Danger Close” report was presented as further validation of CrowdStrike’s Falcon Program, which CrowdStrike claims helps organizations stop cyber penetrations through proactive measures developed through a deep understanding of the adversary and the measures needed to stop them. It was Falcon that “lit up” ten seconds after being installed on the DNC server back on May 6, 2016, fingering Cozy Bear and Fancy Bear as the culprits in the DNC attack. Falcon was now being linked to this newest effort at Russian attribution.

The only problem for Meyers, Alperovitch and CrowdStrike was that “Danger Close” was wrong — dead wrong — in every aspect of its analysis. The report was dissected by none other than Jeffrey Carr — the same individual who criticized Alperovitch over his Shady Rat claims. One of Carr’s most important findings deals directly with the credibility methodology used by CrowdStrike to attribute Fancy Bear to the GRU. “Part of the evidence supporting Russian government involvement in the DNC and related hacks (including the German Bundestag and France’s TV5 Monde),” Carr writes, “stemmed from the assumption that X-Agent malware was exclusively developed and used by Fancy Bear. We now know that’s false, and that the source code has been obtained by others outside of Russia.” Carr cites at least two examples, one a security company, the other a hacker collective, of the X-Agent malware existing “in the wild.” If these two entities have the X-Agent malware, Carr notes, “then so do others, and attribution to APT28/Fancy Bear/GRU based solely upon the presumption of ‘exclusive use’ must be thrown out.”

In one fell swoop, Carr destroyed the very premise upon which CrowdStrike not only attributed the DNC cyber attack to Russia, but the heart and soul of CrowdStrike’s business platform — the Falcon Platform used by CrowdStrike to provide “end point” protection to its clients. Far from representing an intelligent platform capable of discerning threats through advanced algorithms and proprietary techniques, the Falcon Platform seems to be little more than a database pre-programmed to deliver a preordained finding — X-Agent equals Fancy Bear, and Fancy Bear equals Russia.

Also, metadata analysis by an independent researcher which contradicts the 'Russia Hack' narrative:

Forensicator maintains his position that the most probable and plausible interpretation of the observations derived from the NGP VAN 7zip metadata is:

There is evidence that suggests the files in the NGP VAN archive were copied (twice) locally, on the East Coast, US. Further, there are indications that a USB-2 capable media may have been used for the first copy operation on July 5, 2016 and that a FAT-formatted media was used in the second copy operation on Sept. 1, 2016. (A USB flash drive is one of the most popular FAT-formatted media, but there are others including SD cards and removable hard drives.)

Essentially: files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information.

CORRECTION: April 5, 2018, at 5:24 p.m. Material posted on Guccifer 2.0's blog later appeared in each of WikiLeaks's major dumps during the 2016 election. An earlier version stated that was only true of the Podesta Files.

https://www.buzzfeed.com/kevincollier/a ... .ih3Lqg5wj

following the evidence from the Russian side of the investigation led the Special Counsel's Office to Roger Stone

Note: I never indicated there is "proof", simply compelling analysis that, to this point, I've yet to see soundly refuted. Welcome any findings that clearly indicate otherwise.

Note, part 2: I generally don't dismiss ("disapprove") a source outright, but historical perspective provides much context; if a source sings a certain tune off-key, it typically will continue to do so. Still, any mainstream source is capable of providing useful information; some may require more parsing than others. Lately, however, the crap-meter has been in the red, glaringly so.

Thank you for the links, Belligerent Savant, I appreciate your effort to inform. I didn't realize Scott Ritter did that research - I'm pretty sure I read something similar elsewhere, but the original attribution escaped me. That Ritter would be on top of this is something I find ironic on a couple different levels: 1) Ritter took on the IC the last time they were in consensus on a threat posed by a foreign power - Iraq in 2003 - and came out on the right side of history. 2) Ritter met a police decoy on an internet chat room posing as a 15 year old that he exposed himself to. I mention that not to try to discount him, just that I find it ironic someone busted for an online crime is now trying to bust others for their online crimes, so to speak.

I don't really know much about the veracity of Forensicator (who wasn't sure if Guccifer 2.0 is in Eastern Europe or Russia, but does use a Russian-aligned VPN service to mask his IP address) but Ritter usually does top-notch research. My only complaint with him on this article is that one of his primary sources for disputing CrowdStrike/Alperovitch is Kaspersky, which he described as "a well-regarded Russian-based cyber security company." You couldn't pay me to install Kaspersky on my personal computer, I have had way too many people who know way more about computers than I do steer me away from it on the basis of it being not reliable. That personal note aside, he did use a number of other sources that seem reliable to me, so I don't think CrowdStrike can be classified as above reproach.

Honestly, I'm still kind of on-the-fence as to whether Russia did the DNC cyber attack. Ritter seems to be as well when he says, "Maybe Russia did it. This conclusion cannot be discounted." Of all the IC investigations, the FBI/Homeland Security one is what I find most interesting, because they said Fancy Bear and Cozy Bear used “spearfishing” attacks, which eliminated the possibility Guccifer 2.0 penetrated the DNC through a "zero day" exploit. This makes me wonder if their intelligence is based on sources other than CrowdStrike. Perhaps Ritter might be close to the truth when he wonders, "could Guccifer 2.0 be Cozy Bear?" I just think given the geographical area most people have placed Guccifer 2.0 operating from and given the milieu where this shady character would operate, it seems pretty implausible that a hacker of his/her skills would have absolutely no Russian connections. It's the one aspect of the whole Trump/Russia covfefe that I think is impossible to determine whether a canard is being propagated or not.

"Huey Long once said, “Fascism will come to America in the name of anti-fascism.” I'm afraid, based on my own experience, that fascism will come to America in the name of national security."-Jim Garrison 1967

All salient points, SRP. I may add more 'color' on this topic another time/on its own thread (so as not to derail this thread further), but I will quickly add that the reference to Kaspersky as "well-regarded" is understandable; outside of any software/'consumer'-based tools that may have spotty reliability, the firm also offers cyber security at the enterprise-level and their capabilities/depth of expertise are well-regarded, generally, in the industry.

I include the forensicator bit as it passes my own 'sniff' test, though have not attempted to verify the source.

(Full disclosure: I operate in the field of digital forensics/cybersecurity, and am familiar with many of the analyses/procedures described in these, and other, reports that have attempted to flesh out the 'source' of Guccifer).

All that said, none of this can be confirmed/corroborated without access to the original source data, or the pristine forensic images that CrowdStrike claims to have obtained/analyzed.

EDITED TO ADD: my position remains: there is NO evidence confirming Guccifer's "source location", certainly not to the extent conveyed/suggested by most media outlets. Any media source identifying Guccifer as Russian -- without a caveat that his/her origin remains unsubstantiated -- is either lazy or suspect.

A day after it was revealed that two Russian cybersecurity experts had been arrested on treason charges, Russian media is reporting that the total number of arrests is four: including Sergei Mikhailov, the top cybersecurity officer in Russia’s Federal Security Service.

A senior leader in Russia’s spy agency, Dmitry Dokuchaev, wanted by FBI and suspected to be linked to Russian meddling in 2016 US election, has agreed to plead partially guilty to sharing information with foreign intelligence

“one of the individuals about whom Dokuchaev shared information was alleged Russian hacker Yevgeniy Nikulin” who was extradited to California on Friday and has pleaded not guilty

Czechs Extradite Alleged Russian Hacker Nikulin To U.S.

March 30, 2018

The Czech Justice Ministry has announced that an alleged Russian hacker wanted by both Washington and Moscow has been extradited to the United States.

Yevgeny Nikulin is accused of hacking big Internet companies including LinkedIn and Dropbox in 2012 and 2013. In the United States, he faces up to 30 years in prison if convicted on charges that include computer intrusion and identity theft.

https://www.rferl.org/a/russia-us-czech ... 35397.html

July 19, 2017

Back in July, I noted that Vladimir Putin started waxing about independent hackers’ “art” as it looked more and more likely that Yevgeniy Nikulin, the guy DOJ has accused of hacking Linked In and MySpace, among others, would be extradited to the US. Nikulin also made some news by alleging that back in February, the FBI Agent who had interrogated him in Prague had asked him about the election hack.

Now Nikulin has gone one better, writing to President Trump with his claim that he was asked to perjure himself by claiming credit for the DNC hack. (h/t ME)

Obviously, this might just be a ploy to garner attention and give Russia some ammunition to bolster their (thus far reportedly losing) claim that they should get custody of Nikulin for a minor hack rather than the US for a number of very major ones. It is a good way to get attention, especially given the way Trump keeps raising doubts about who hacked the DNC.

But it is actually not crazy to think Nikulin had a role in the DNC hack. One fairly credible alternative theory for the source of the DNC emails dealt to WikiLeaks is that someone used easily cracked credentials from Nikulin’s alleged breaches to obtain the email boxes of about 9 people at the DNC. If that were the case, it would raise the stakes for the logic behind the hacks Nikulin is alleged to have committed and the timing of the more public release of the stolen credentials.

In which case Nikulin’s appeal to Trump (who of course has shown zero interest in the plight of unjust DOJ claims for anyone else, even American citizens, since being elected) would be far more interesting — a way for Trump to personally intervene to prevent potentially damning information from landing in the hands of American prosecutors.

"The red flag for me is why the Russians fought so hard to keep him from being extradited," said Nick Akerman, a former Watergate prosecutor. "Why would they care about some low-level hacker?"

Akerman added that Nikulin was "in the right place, at the right time in terms of what the Mueller probe is interested in …The fact that the Russians fought so hard makes you wonder (what he knows). You'd certainly expect the Mueller team would want to talk to him."

Award-winning Russian lawyer just made a damning announcement about Putin and Trump

A Russian lawyer honored by Human Rights Watch just told Australian public television that Vladimir Putin has lots of dirt on Donald Trump from the 2013 Miss Universe pageant held in Moscow.

The two FSB officers were arrested just after Trump took office, leading former NSA officials to speculate that there was a connection between the two events.

Long-time GOP operative Roger Stone said in a 2016 interview on the InfoWars radio show that he knew when WikiLeaks would disclose a trove of hacked emails, despite telling CNN on Friday that he was not aware of the timing.

In an Oct. 2, 2016 interview on InfoWars, Stone said that an intermediary met with WikiLeaks founder Julian Assange, and that he had been assured that the anti-secrecy website would release the hacked documents on Oct. 5, 2016.

"Now, an intermediary met with [Assange] in London recently, who is a friend of mine and a friend of his, a believer in freedom," Stone said at the time. CNN's "K-File" reported on the interview Saturday.

"I am assured that the motherlode is coming Wednesday. It wouldn't be an October surprise if I told you what it was, but I have reason to believe that it is devastating because people with political judgment who are aware of the subject matter tell me this. So right now, you see a terrible scrambling by the Clintonites to attempt to discredit Assange, to try to soften the blow."

The interview on InfoWars came a day after Stone tweeted: "Wednesday @HillaryClinton is done. #Wikileaks."

Stone denied in a Friday interview on CNN that he had any advance notice about the WikiLeaks disclosures, and had not communicated with Assange or anyone else connected to the website.

"I had no advanced notice of the content source or exact timing of the WikiLeaks disclosures including the allegedly hacked emails," he said. "I never received anything whatsoever from WikiLeaks, Julian Assange, anyone associated with them, or anyone else, including allegedly hacked emails, and passed them onto Donald Trump."

To be sure, WikiLeaks did not release the hacked emails on Wednesday, Oct. 5 as Stone had predicted. The website began releasing the hacked emails of former Clinton campaign chairman John Podesta two days later.

Stone told CNN in an email on Saturday that he got the release date wrong because his "source changed his prediction."

Questions about Stone's contacts with WikiLeaks have resurfaced in recent days after the Wall Street Journal reported that Stone had claimed in an August 2016 email that he had dinner with Assange. He has since said that the email was not serious, and has pointed to travel records showing that he never went to London to meet the WikiLeaks founder.

http://thehill.com/homenews/news/382125 ... isclosures

following the evidence from the Russian side of the investigation led the Special Counsel's Office to Roger Stone

Almost seems desperate or senile to return to this canard about Roger Stone's "advance knowledge" (the ultimate attention whore glomming on to the teasers that had already been tweeted) two years later, with no pretext or new information for the repeat.


To Justice my maker from on high did incline:
I am by virtue of its might divine,
The highest Wisdom and the first Love.